[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10873/{spice,spice-gtk}

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baa61a7c by Salvatore Bonaccorso at 2018-08-17T02:50:59Z
Add CVE-2018-10873/{spice,spice-gtk}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11341,8 +11341,11 @@ CVE-2018-10874 (In ansible it was found that inventory variables are loaded from
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596528
 	NOTE: https://github.com/ansible/ansible/pull/42067
 	NOTE: https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
-CVE-2018-10873
+CVE-2018-10873 [Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service]
 	RESERVED
+	- spice <unfixed>
+	- spice-gtk <unfixed>
+	NOTE: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
 CVE-2018-10872 (A flaw was found in the way the Linux kernel handled exceptions ...)
 	- linux <not-affected> (Red Hat specific CVE-2018-8897 regression in RHEL 6.10)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596094



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baa61a7ca18ce7004a6afd559dd0b4d2e53878ff

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/baa61a7ca18ce7004a6afd559dd0b4d2e53878ff
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180817/b0f748da/attachment-0001.html>